build: add a deterministic dmg signer
This commit is contained in:
Cory Fields
37
contrib/gitian-descriptors/gitian-osx-signer.yml
Normal file
37
contrib/gitian-descriptors/gitian-osx-signer.yml
Normal file
@@ -0,0 +1,37 @@
|
||||
---
|
||||
name: "bitcoin-dmg-signer"
|
||||
suites:
|
||||
- "precise"
|
||||
architectures:
|
||||
- "amd64"
|
||||
packages:
|
||||
- "libc6:i386"
|
||||
- "faketime"
|
||||
reference_datetime: "2013-06-01 00:00:00"
|
||||
remotes: []
|
||||
files:
|
||||
- "bitcoin-0.9.99-osx-unsigned.tar.gz"
|
||||
- "signature.tar.gz"
|
||||
script: |
|
||||
WRAP_DIR=$HOME/wrapped
|
||||
mkdir -p ${WRAP_DIR}
|
||||
export PATH=`pwd`:$PATH
|
||||
FAKETIME_PROGS="dmg genisoimage"
|
||||
|
||||
# Create global faketime wrappers
|
||||
for prog in ${FAKETIME_PROGS}; do
|
||||
echo '#!/bin/bash' > ${WRAP_DIR}/${prog}
|
||||
echo "REAL=\`which -a ${prog} | grep -v ${WRAP_DIR}/${prog} | head -1\`" >> ${WRAP_DIR}/${prog}
|
||||
echo 'export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1' >> ${WRAP_DIR}/${prog}
|
||||
echo "export FAKETIME=\"${REFERENCE_DATETIME}\"" >> ${WRAP_DIR}/${prog}
|
||||
echo "\$REAL \$@" >> $WRAP_DIR/${prog}
|
||||
chmod +x ${WRAP_DIR}/${prog}
|
||||
done
|
||||
|
||||
UNSIGNED=`echo bitcoin-*.tar.gz`
|
||||
SIGNED=`echo ${UNSIGNED} | sed 's/.tar.*//' | sed 's/-unsigned//'`.dmg
|
||||
|
||||
tar -xf ${UNSIGNED}
|
||||
./detached-sig-apply.sh ${UNSIGNED} signature.tar.gz
|
||||
${WRAP_DIR}/genisoimage -no-cache-inodes -D -l -probe -V "Bitcoin-Qt" -no-pad -r -apple -o uncompressed.dmg signed-app
|
||||
${WRAP_DIR}/dmg dmg uncompressed.dmg ${OUTDIR}/${SIGNED}
|
||||
@@ -106,8 +106,21 @@ script: |
|
||||
./configure --prefix=${BASEPREFIX}/${i} --bindir=${INSTALLPATH}/bin --includedir=${INSTALLPATH}/include --libdir=${INSTALLPATH}/lib --disable-ccache --disable-maintainer-mode --disable-dependency-tracking ${CONFIGFLAGS}
|
||||
make ${MAKEOPTS}
|
||||
make install-strip
|
||||
|
||||
make deploydir
|
||||
mkdir -p unsigned-app-${i}
|
||||
cp contrib/macdeploy/detached-sig-apply.sh unsigned-app-${i}
|
||||
cp contrib/macdeploy/detached-sig-create.sh unsigned-app-${i}
|
||||
cp ${BASEPREFIX}/${i}/native/bin/dmg ${BASEPREFIX}/${i}/native/bin/genisoimage unsigned-app-${i}
|
||||
cp ${BASEPREFIX}/${i}/native/bin/${i}-codesign_allocate unsigned-app-${i}/codesign_allocate
|
||||
cp ${BASEPREFIX}/${i}/native/bin/${i}-pagestuff unsigned-app-${i}/pagestuff
|
||||
mv dist unsigned-app-${i}
|
||||
pushd unsigned-app-${i}
|
||||
find . | sort | tar --no-recursion -czf ${OUTDIR}/${DISTNAME}-osx-unsigned.tar.gz -T -
|
||||
popd
|
||||
|
||||
make deploy
|
||||
${WRAP_DIR}/dmg dmg Bitcoin-Qt.dmg ${OUTDIR}/${DISTNAME}-osx.dmg
|
||||
${WRAP_DIR}/dmg dmg Bitcoin-Qt.dmg ${OUTDIR}/${DISTNAME}-osx-unsigned.dmg
|
||||
|
||||
cd installed
|
||||
find . -name "lib*.la" -delete
|
||||
|
||||
Reference in New Issue
Block a user